Rebase to 16.19.1
This commit is contained in:
parent
07c6206905
commit
c0fd38de1e
@ -1,18 +1,19 @@
|
|||||||
From 61fd3e74ff223cd59476ef8a69880c57e3312af7 Mon Sep 17 00:00:00 2001
|
From b0b4d1ddbc720db73fb8ab13cdbbf1ce6524eebd Mon Sep 17 00:00:00 2001
|
||||||
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
||||||
Date: Fri, 17 Apr 2020 12:59:44 +0200
|
Date: Fri, 17 Apr 2020 12:59:44 +0200
|
||||||
Subject: [PATCH] Disable running gyp on shared deps
|
Subject: [PATCH 1/2] Disable running gyp on shared deps
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
---
|
||||||
Makefile | 2 +-
|
Makefile | 2 +-
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index dc6f08b..c865e72 100644
|
index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e9676f176 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
|
@@ -136,11 +136,11 @@ endif
|
||||||
|
.PHONY: test-code-cache
|
||||||
|
with-code-cache test-code-cache:
|
||||||
$(warning '$@' target is a noop)
|
$(warning '$@' target is a noop)
|
||||||
|
|
||||||
out/Makefile: config.gypi common.gypi node.gyp \
|
out/Makefile: config.gypi common.gypi node.gyp \
|
||||||
@ -21,6 +22,8 @@ index dc6f08b..c865e72 100644
|
|||||||
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
||||||
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
||||||
$(PYTHON) tools/gyp_node.py -f make
|
$(PYTHON) tools/gyp_node.py -f make
|
||||||
--
|
|
||||||
2.37.3
|
# node_version.h is listed because the N-API version is taken from there
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
||||||
|
@ -0,0 +1,45 @@
|
|||||||
|
From df574e2999dc6c2c38138bd0c3ec61dfafe9c929 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kornel <kornel@geekhood.net>
|
||||||
|
Date: Fri, 27 Jan 2023 01:20:38 +0000
|
||||||
|
Subject: [PATCH] deps(http-cache-semantics): Don't use regex to trim
|
||||||
|
whitespace
|
||||||
|
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
deps/npm/node_modules/http-cache-semantics/index.js | 6 +++---
|
||||||
|
deps/npm/node_modules/http-cache-semantics/package.json | 2 +-
|
||||||
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/deps/npm/node_modules/http-cache-semantics/index.js b/deps/npm/node_modules/http-cache-semantics/index.js
|
||||||
|
index 4f6c2f3..39d58a7 100644
|
||||||
|
--- a/deps/npm/node_modules/http-cache-semantics/index.js
|
||||||
|
+++ b/deps/npm/node_modules/http-cache-semantics/index.js
|
||||||
|
@@ -79,10 +79,10 @@ function parseCacheControl(header) {
|
||||||
|
|
||||||
|
// TODO: When there is more than one value present for a given directive (e.g., two Expires header fields, multiple Cache-Control: max-age directives),
|
||||||
|
// the directive's value is considered invalid. Caches are encouraged to consider responses that have invalid freshness information to be stale
|
||||||
|
- const parts = header.trim().split(/\s*,\s*/); // TODO: lame parsing
|
||||||
|
+ const parts = header.trim().split(/,/);
|
||||||
|
for (const part of parts) {
|
||||||
|
- const [k, v] = part.split(/\s*=\s*/, 2);
|
||||||
|
- cc[k] = v === undefined ? true : v.replace(/^"|"$/g, ''); // TODO: lame unquoting
|
||||||
|
+ const [k, v] = part.split(/=/, 2);
|
||||||
|
+ cc[k.trim()] = v === undefined ? true : v.trim().replace(/^"|"$/g, '');
|
||||||
|
}
|
||||||
|
|
||||||
|
return cc;
|
||||||
|
diff --git a/deps/npm/node_modules/http-cache-semantics/package.json b/deps/npm/node_modules/http-cache-semantics/package.json
|
||||||
|
index 897798d..79c020a 100644
|
||||||
|
--- a/deps/npm/node_modules/http-cache-semantics/package.json
|
||||||
|
+++ b/deps/npm/node_modules/http-cache-semantics/package.json
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
{
|
||||||
|
"name": "http-cache-semantics",
|
||||||
|
- "version": "4.1.0",
|
||||||
|
+ "version": "4.1.1",
|
||||||
|
"description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies",
|
||||||
|
"repository": "https://github.com/kornelski/http-cache-semantics.git",
|
||||||
|
"main": "index.js",
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Mon, 26 Sep 2022 16:02:39 +0200
|
|
||||||
Subject: [PATCH] install: keep installing dtrace and systemtap files
|
|
||||||
|
|
||||||
Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
tools/install.py | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tools/install.py b/tools/install.py
|
|
||||||
index 4b01d67..dc16797 100755
|
|
||||||
--- a/tools/install.py
|
|
||||||
+++ b/tools/install.py
|
|
||||||
@@ -178,6 +178,11 @@ def files(action):
|
|
||||||
output_lib = 'libnode.' + variables.get('shlib_suffix')
|
|
||||||
action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
|
|
||||||
|
|
||||||
+ if 'true' == variables.get('node_use_dtrace'):
|
|
||||||
+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
|
|
||||||
+
|
|
||||||
+ action(['src/node.stp'], 'share/systemtap/tapset/')
|
|
||||||
+
|
|
||||||
action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
|
|
||||||
action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
|
|
||||||
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From 2c06dc63aa864be8648758e71fa70e3d3f47e06f Mon Sep 17 00:00:00 2001
|
||||||
|
From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
|
||||||
|
Date: Wed, 18 Jan 2023 22:14:26 +0800
|
||||||
|
Subject: [PATCH] deps(cares): Add str len check in config_sortlist to avoid
|
||||||
|
stack overflow (#497)
|
||||||
|
|
||||||
|
In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
|
||||||
|
the input str and initialize a sortlist configuration.
|
||||||
|
|
||||||
|
However, ares_set_sortlist has not any checks about the validity of the input str.
|
||||||
|
It is very easy to create an arbitrary length stack overflow with the unchecked
|
||||||
|
`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
|
||||||
|
statements in the config_sortlist call, which could potentially cause severe
|
||||||
|
security impact in practical programs.
|
||||||
|
|
||||||
|
This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
|
||||||
|
potential stack overflows.
|
||||||
|
|
||||||
|
fixes #496
|
||||||
|
|
||||||
|
Fix By: @hopper-vul
|
||||||
|
Resolves: CVE-2022-4904
|
||||||
|
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
deps/cares/src/lib/ares_init.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/deps/cares/src/lib/ares_init.c b/deps/cares/src/lib/ares_init.c
|
||||||
|
index de5d86c..d5858f6 100644
|
||||||
|
--- a/deps/cares/src/lib/ares_init.c
|
||||||
|
+++ b/deps/cares/src/lib/ares_init.c
|
||||||
|
@@ -2243,6 +2243,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
|
||||||
|
q = str;
|
||||||
|
while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
|
||||||
|
q++;
|
||||||
|
+ if (q-str >= 16)
|
||||||
|
+ return ARES_EBADSTR;
|
||||||
|
memcpy(ipbuf, str, q-str);
|
||||||
|
ipbuf[q-str] = '\0';
|
||||||
|
/* Find the prefix */
|
||||||
|
@@ -2251,6 +2253,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
|
||||||
|
const char *str2 = q+1;
|
||||||
|
while (*q && *q != ';' && !ISSPACE(*q))
|
||||||
|
q++;
|
||||||
|
+ if (q-str >= 32)
|
||||||
|
+ return ARES_EBADSTR;
|
||||||
|
memcpy(ipbufpfx, str, q-str);
|
||||||
|
ipbufpfx[q-str] = '\0';
|
||||||
|
str = str2;
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
35
nodejs.spec
35
nodejs.spec
@ -30,7 +30,7 @@
|
|||||||
# This is used by both the nodejs package and the npm subpackage that
|
# This is used by both the nodejs package and the npm subpackage that
|
||||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||||
# will bump this rather than adding .1 to the end.
|
# will bump this rather than adding .1 to the end.
|
||||||
%global baserelease 3
|
%global baserelease 1
|
||||||
|
|
||||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -41,7 +41,7 @@
|
|||||||
# than a Fedora release lifecycle.
|
# than a Fedora release lifecycle.
|
||||||
%global nodejs_epoch 1
|
%global nodejs_epoch 1
|
||||||
%global nodejs_major 16
|
%global nodejs_major 16
|
||||||
%global nodejs_minor 18
|
%global nodejs_minor 19
|
||||||
%global nodejs_patch 1
|
%global nodejs_patch 1
|
||||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||||
@ -118,7 +118,7 @@
|
|||||||
|
|
||||||
# npm - from deps/npm/package.json
|
# npm - from deps/npm/package.json
|
||||||
%global npm_epoch 1
|
%global npm_epoch 1
|
||||||
%global npm_version 8.19.2
|
%global npm_version 8.19.3
|
||||||
|
|
||||||
# In order to avoid needing to keep incrementing the release version for the
|
# In order to avoid needing to keep incrementing the release version for the
|
||||||
# main package forever, we will just construct one for npm that is guaranteed
|
# main package forever, we will just construct one for npm that is guaranteed
|
||||||
@ -170,16 +170,19 @@ Source101: cjs-module-lexer-1.2.2.tar.gz
|
|||||||
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
|
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
|
||||||
|
|
||||||
# Version: jq '.version' deps/undici/src/package.json
|
# Version: jq '.version' deps/undici/src/package.json
|
||||||
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz
|
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.19.1.tar.gz
|
||||||
# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm*
|
# Adjustments: rm -f undici-5.19.1/lib/llhttp/llhttp*.wasm*
|
||||||
Source111: undici-5.10.0.tar.gz
|
Source111: undici-5.19.1.tar.gz
|
||||||
# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
|
# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
|
||||||
# Version source: build/Dockerfile
|
# Version source: build/Dockerfile
|
||||||
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
|
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
|
||||||
|
|
||||||
# Disable running gyp on bundled deps we don't use
|
# Disable running gyp on bundled deps we don't use
|
||||||
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||||
Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch
|
# CVE-2022-25881
|
||||||
|
Patch2: 0002-deps-http-cache-semantics-Don-t-use-regex-to-trim-wh.patch
|
||||||
|
# CVE-2022-4904
|
||||||
|
Patch3: 0003-deps-cares-Add-str-len-check-in-config_sortlist-to-a.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
@ -204,15 +207,15 @@ BuildRequires: systemtap-sdt-devel
|
|||||||
%if %{with bundled}
|
%if %{with bundled}
|
||||||
Provides: bundled(libuv) = %{libuv_version}
|
Provides: bundled(libuv) = %{libuv_version}
|
||||||
%else
|
%else
|
||||||
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
||||||
Requires: libuv-devel >= 1:%{libuv_version}
|
Requires: libuv >= 1:%{libuv_version}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with bundled} || !(0%{?fedora} || 0%{?rhel} >= 9)
|
%if %{with bundled} || !(0%{?fedora} || 0%{?rhel} >= 9)
|
||||||
Provides: bundled(nghttp2) = %{nghttp2_version}
|
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||||
%else
|
%else
|
||||||
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
||||||
Requires: libnghttp2-devel >= %{nghttp2_version}
|
Requires: libnghttp2 >= %{nghttp2_version}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Temporarily bundle llhttp because the upstream doesn't
|
# Temporarily bundle llhttp because the upstream doesn't
|
||||||
@ -694,10 +697,12 @@ end
|
|||||||
%doc %{_mandir}/man1/npx.1*
|
%doc %{_mandir}/man1/npx.1*
|
||||||
%doc %{_mandir}/man5/folders.5*
|
%doc %{_mandir}/man5/folders.5*
|
||||||
%doc %{_mandir}/man5/install.5*
|
%doc %{_mandir}/man5/install.5*
|
||||||
|
%doc %{_mandir}/man5/npm-global.5*
|
||||||
|
%doc %{_mandir}/man5/npm-json.5*
|
||||||
|
%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
|
||||||
%doc %{_mandir}/man5/npmrc.5*
|
%doc %{_mandir}/man5/npmrc.5*
|
||||||
%doc %{_mandir}/man5/package-json.5*
|
%doc %{_mandir}/man5/package-json.5*
|
||||||
%doc %{_mandir}/man5/package-lock-json.5*
|
%doc %{_mandir}/man5/package-lock-json.5*
|
||||||
%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
|
|
||||||
%doc %{_mandir}/man7/config.7*
|
%doc %{_mandir}/man7/config.7*
|
||||||
%doc %{_mandir}/man7/dependency-selectors.7*
|
%doc %{_mandir}/man7/dependency-selectors.7*
|
||||||
%doc %{_mandir}/man7/developers.7*
|
%doc %{_mandir}/man7/developers.7*
|
||||||
@ -719,6 +724,12 @@ end
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 27 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.19.1-1
|
||||||
|
- Rebase to 16.19.1
|
||||||
|
- Resolves: rhbz#2153714
|
||||||
|
- Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920
|
||||||
|
- Resolves: CVE-2022-25881 CVE-2022-4904
|
||||||
|
|
||||||
* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
|
* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
|
||||||
- Update sources of undici WASM blobs
|
- Update sources of undici WASM blobs
|
||||||
Resolves: rhbz#2151617
|
Resolves: rhbz#2151617
|
||||||
|
4
sources
4
sources
@ -1,6 +1,6 @@
|
|||||||
SHA512 (node-v16.18.1-stripped.tar.gz) = 6c13f04aaceffccb75f609faa407197d47b0fff3aab82d85a10bc209e74ab7a045075afb9839e2eb71934a025375427c83426292509f6c72ef6375090a6fb5c4
|
SHA512 (node-v16.19.1-stripped.tar.gz) = 22354e7e952028c5bcf2712c94569eb4153f43c3e98093453ab76dde06f704725135ea77dbce597039fac99d5d3964fee9a2cc98e1d59c3d412e574326468b37
|
||||||
SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
|
SHA512 (icu4c-71_1-src.tgz) = 1fd2a20aef48369d1f06e2bb74584877b8ad0eb529320b976264ec2db87420bae242715795f372dbc513ea80047bc49077a064e78205cd5e8b33d746fd2a2912
|
||||||
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
|
SHA512 (cjs-module-lexer-1.2.2.tar.gz) = 2c8e9caf2231ca7d61e71936305389774859aca9b5c86c63489c9a62a81f4736f99477c3f0cbb41077bb7924fdd23e0f24b7bce858e42fb0f87e7c0ffc87afeb
|
||||||
SHA512 (undici-5.10.0.tar.gz) = ce582986e367783eb8e7350e8e14237afb014793b81b94783d043d673624f9d615cb664c553e7334ed4d1d56ec31c08094ed3d8d8be28fcbdd5daabaae687ddd
|
SHA512 (undici-5.19.1.tar.gz) = 71ca06acac25e0ef4d44bf9e523b6068d6906ee5ed926befa224c312335f471d1f6c1eec10c0a275b1212c72fd6f8b13a3a47c3a1ca51777a062ad8ea7193a7e
|
||||||
SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
|
SHA512 (wasi-sdk-wasi-sdk-11.tar.gz) = cb37f357b09431a3efad26141d83dce63232a35b536d9a7bd341d4d9627a0a3d4bd4d57504b6e3dab421942d2c168a96da2a6be889aab3f9a2852fc5a3200d3c
|
||||||
SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
|
SHA512 (wasi-sdk-wasi-sdk-14.tar.gz) = 4fecb3d9c04b91eb2388a9e51d49fbff6f22b81f9945a07ecdbfe479c96dad1e3b673b8bee24842b0dae5294129a9cb35dcf8e5ecf45437a6d01fb6e0fd13645
|
||||||
|
Loading…
Reference in New Issue
Block a user